<aside> 📢 This is the temporary home for secrets management documentation. Please email any feedback or recommended changes to this page to [email protected].

</aside>

Introduction

It's generally considered bad practice to store unencrypted secrets in a Git repository. If your application needs access to sensitive credentials, the recommended solution is to store those credentials in a file that is not committed to the repository and to pass them as environment variables.

Secrets Management allows you to store secrets securely and access them in your Streamlit app as environment variables.

How to use Secrets Management

Deploy an app and set up secrets

  1. Go to http://share.streamlit.io/ and click "New app" to deploy a new app with secrets.

  2. Click "Advanced settings..."

  3. You will see a modal appear with an input box for your secrets.


  4. Provide your secrets in the "Secrets" field using TOML format. For example:

    # Everything in this section will be available as an environment variable 
    db_username = "Jane"
    db_password = "12345qwerty"
    
    # You can also add other sections if you like.
    # The contents of sections as shown below will not become environment variables,
    # but they'll be easily accessible from within Streamlit anyway as we show
    # later in this doc.   
    [my_cool_secrets]
    things_i_like = ["Streamlit", "Python"]
    

Use secrets in your app

Access your secrets as environment variables or by querying the st.secrets dict. For example, if you enter the secrets from the section above, the code below shows you how you can access them within your Streamlit app.

    import os

    import streamlit as st

    # Everything is accessible via the st.secrets dict:
    st.write("DB username:", st.secrets["db_username"])
    st.write("DB password:", st.secrets["db_password"])
    st.write("My cool secrets:", st.secrets["my_cool_secrets"]["things_i_like"])

    # And the root-level secrets are also accessible as environment variables:
    st.write(
        "Have environment variables been set:",
        os.environ["db_username"] == st.secrets["db_username"],
    )

Pro-tip! You can use TOML sections to compactly pass multiple secrets as a single attribute.

Consider the following secrets:

    [db_credentials]
    username = "my_username"
    password = "my_password"

Rather than passing each secret as a separate argument to a function, you can pass the whole section to achieve the same result. See the notional code below, which uses the secrets above:
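The section-as-arguments pattern, as an added example that is not from the original page or the Streamlit project. `SECRETS` is a constructed stand-in for `st.secrets`, and `connect`, `require_section`, `redact` and `root_level_env` are hypothetical helpers; `root_level_env` only models the root-level versus section behaviour this page describes.

```python
# Constructed stand-in for st.secrets, mirroring the TOML shown on this page.
SECRETS = {
    "db_username": "Jane",
    "db_password": "12345qwerty",
    "db_credentials": {"username": "my_username", "password": "my_password"},
}


def root_level_env(secrets):
    """Model of the behaviour described on this page: only root-level
    entries become environment variables; sections (tables) do not."""
    return {k: str(v) for k, v in secrets.items() if not isinstance(v, dict)}


def require_section(secrets, name, required):
    """Return a section as a plain dict, failing fast if keys are missing.
    The error names the missing keys only and never echoes secret values."""
    section = secrets.get(name)
    if not isinstance(section, dict):
        raise KeyError(f"secrets section [{name}] is not defined")
    missing = sorted(set(required) - set(section))
    if missing:
        raise KeyError(f"[{name}] is missing: {', '.join(missing)}")
    return dict(section)


def redact(mapping):
    """Mask every value so the key names can be displayed or logged."""
    return {k: "***" for k in mapping}


def connect(username, password):
    """Hypothetical database client; a real driver's connect() goes here."""
    return {"user": username, "authenticated": bool(password)}


def open_db(secrets):
    creds = require_section(secrets, "db_credentials", {"username", "password"})
    # Verbose form: connect(username=creds["username"], password=creds["password"])
    return connect(**creds)  # compact form: the section's keys become kwargs


if __name__ == "__main__":
    print(open_db(SECRETS))
    print(redact(SECRETS["db_credentials"]))
    print(sorted(root_level_env(SECRETS)))
```

In a Streamlit app, pass `st.secrets` in place of `SECRETS`; the section keys must match the parameter names of the function being called.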